Privacy


A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society. With companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.


much thanks to @gary_host_laptop for the logo design :)

founded 4 years ago
101
 
 

SS7 is vulnerable to attack. However, the types of attacks on the video don't affect Signal as it requires a PIN. (Make sure you set your PIN to something strong and secure.)

102
 
 

Fingerprinting isn't always possible to defeat, and it's not always possible to avoid making accounts (work and school accounts).

However, it should be possible to fill up tracked data with meaningless garbage and reduce the signal-to-noise ratio. Ex: a bot that browses random products on Amazon to reduce profiling accuracy.

Do you guys know of any tools that do this? Anything from browser extensions to command line scripts, to anonymous group-accounts.

103
30
submitted 3 weeks ago* (last edited 3 weeks ago) by [email protected] to c/[email protected]
 
 

I'm entertaining the idea of starting a digital privacy and security blog. As a matter of fact, I am self-hosting it right now, but mainly for friends, family and acquaintances. It's super basic, more rants than articles honestly, 🤣

Since the only 2 social networks I have are Lemmy and Mastodon, I've been avoiding allowing sharing to Facebook, Twitter and other mainstream SNs.

My wife thinks I should just host it on a cloud and share it everywhere with the argument of, and I quote, "the platforms you use are already full of people as paranoid as you. If you really want to bring your knowledge and experience to others, you should allow us to share to the platforms full of people oblivious to the dangers you constantly slam us with" (which is absolutely true. I'm a thorn on their side, lol).

What do you guys think? Should I add features to share to those places? Would you if it was you? Under no circumstances will I post on any of them, and if I allow to share from my blog, my inner circle would be the one doing the sharing.

I do want to help spread our gospel, but I think that most people in those platforms are just too far gone to even care. I don't even know what to think anymore. I've only written 2 articles so far anyway, so it's not like I'd be the New York Times of privacy or anything.

104
 
 

My threat model is against mass surveillance. This is one of the hardest threat models to defend against and to justify, because (at least here in the US), mass surveillance has become normalized. I've heard people directly tell me that "privacy is weird." I'm not here to shoot down the Nothing to hide argument, literally labelled on Wikipedia as "a logical fallacy"; instead, I want to take my own approach to show just how unnatural mass surveillance is.

Picture this: Your best friend tells you that he heard rumors that someone put cameras in your house and was actively spying on you. That is super creepy, but you brush it off and say that nobody would do that, because who would care that much about you? However, when you get home, you look around and find multiple dozen hidden cameras everywhere. Think about how you're feeling right now, knowing that you're being watched. Even though you know that you're being watched, but have no idea who has been watching you, what they have seen, or how long they've been watching you, it's disillusioning and creepy to find out that what your friend said was true.

Then, you do some digging online and find out that everyone in your neighborhood is also being watched. Oh, it's fine then, right? Suddenly it's much better that you're not alone. No! More surveillance is not a good thing. People fall into the false belief that as long as it's not targeted surveillance or a personal attack that it's suddenly fine, that you will just blend in with the noise. Your data is valuable, and spying in any capacity is NOT normal. Remember: The situation never changed, you are still being watched, you just found out that not only you, but everyone around you is also being spied on.

You still have no idea who is watching you, and it's even worse to find out that it might not just be one person, that anyone can buy this data for cheap. Data like this can be used to stalk you, drain your bank account, read intimate personal texts, rig elections, manipulate you into buying things you never intended to buy, and so much more. This is the state of mass surveillance and it needs to stop. It's not a conspiracy, the dystopia is today.

Mass surveillance is not normal. Privacy also isn't normal: it's a right, instead.

105
 
 

cross-posted from: https://lemmy.world/post/19944734

KANSAS CITY, Mo. (KCTV) - A sight previously thought to be science fiction is very real at a southeast Kansas City shopping center. Instead of a police officer, a security robot has been patrolling sidewalks and shoppers are taking notice.

Since Marshall the robot has been on the job, shoppers say the experiences have completely changed when they come to these stores. The robot can spend 23 hours a day monitoring the parking lot from all angles which gives people a new sense of protection and ease they don’t always have when out.

Marshall took over security at Brywood Centre in April. Before that, Karen White noticed a lot of trouble outside the shopping center.

“Sometimes it’d be concerning for your car like someone could take it or something,” White said.

Knowing now that Marshall is always watching, the risk of crime does not worry her or others as much.

“It made it very better, like you can’t be in the parking lot without seeing the robot,” White continued. “So, I think it scared them off.”

106
 
 

We all know how awful most modern websites are in terms of bloat, JavaScript and tracking. Not only that, but designing and maintaining web browsers has become such a gigantic undertaking (almost the size of an operating system), that only a few companies have the resources to do it (Google and Mozilla, and Mozilla might not hold on for much longer).

These alternative protocols offer a minimal set of features, and are trying to get back to what the web should've been: static content with images, text, and links, with local applications filling the void for anything more complicated than that.

Let's say I wanted a privacy-friendly way to view a page on a news site. I could:

  • Copy the URL of the page.
  • Open some tool (or website, anything), paste that URL.
  • It converts the content in the URL to the necessary privacy-friendly alternative format, and I can view it with my Gopher/Gemini browser (or even maybe a Markdown viewer).

I know there are a few HTML -> Markdown converters that can do the last step.

Does anyone know if this would work?

107
7
submitted 3 weeks ago* (last edited 2 weeks ago) by [email protected] to c/[email protected]
108
75
You Have No Medical Privacy (invidious.privacyredirect.com)
submitted 3 weeks ago* (last edited 3 weeks ago) by [email protected] to c/[email protected]
 
 

Most people think that HIPAA means that their medical records are kept private. But what if I told you that HIPAA doesn’t protect your privacy at all?

This is our first video in a series about medical privacy, specifically looking at legislation that stripped individuals of the right to consent to medical data sharing.

We focus on what HIPAA actually is, how it came to allow our data to be shared without us even knowing, how we’ve been tricked into thinking we have privacy, and steps we can take to reclaim control of our medical data.

109
23
Filen cloud (lemmy.dbzer0.com)
submitted 3 weeks ago by [email protected] to c/[email protected]
 
 

Hi guys I was looking for an E2EE cloud storage with reasonable pricing (I need nothing special just for personal use) and found filen.io pretty compelling. Does anyone here use filen? How is your experience with it?

110
111
 
 

Convincing people to use apps such as Signal is hard work and most can't be convinced. But with those you manage to convince, do you feel happy to talk to them on Signal?

The problem is these people use Signal on Android/iOS which can't be trusted and iOS has recently been in the news for having a backdoor. And it has also been revealed that American feds are able to read everyone's push notifications and they do this as mass surveillance.

So not only do you have to convince people to use Signal which is an incredibly difficult challenge. You also have to convince them to go into settings to disable message and sender being included in the push notifications. And then there's the big question is the Android and iOS operating systems are doing mass surveillance anyway. And many people find it taking a lot of effort to type on the phone so they install Signal on the computer which is a Mac or Windows OS.

So I don't think I feel comfortable sending messages in Signal but it's better than WhatsApp.

These were some thoughts to get the discussion started and set the context.

112
 
 

So something pissing me off is websites like Lusha or Dropcontact who use AI to give their customers your mail address if they only enter your name (which they get from LinkedIn, your company's website, ...).

Our mail addresses have the most basic format of [email protected]

So after threatening another one of those nuisances with a GDPR complaint, it got me thinking that this will become the new normal. We will have to live with it that someone tries to guess our mail address instead of getting them from some shitty address dealer.

An idea to get rid of the problem in the future would be to add a random secret to work mail addresses, like

[email protected]

Where the secret could be anything consisting of several letters. That way you can ensure that only people who you shared your contact details with have your mail address. What are your thoughts?

113
 
 

Popular social media platforms and video streaming services pose serious risks to user privacy, with children and teenagers most at risk, the Federal Trade Commission found in a report published Thursday.

The report, which stretches more than 100 pages, details the data, advertising and recommendation-system efforts by these companies, and how they rely on information about users to sell ads. Users also “lacked any meaningful control over how personal information was used for AI-fueled systems” on the companies’ platforms, according to the report.

“While lucrative for the companies, these surveillance practices can endanger people’s privacy, threaten their freedoms, and expose them to a host of harms, from identity theft to stalking,” FTC Chair Lina Khan said in a press release...

114
 
 

LinkedIn users in the U.S. — but not the EU, EEA, or Switzerland, likely due to those regions’ data privacy rules — have an opt-out toggle in their settings screen disclosing that LinkedIn scrapes personal data to train “content creation AI models.” The toggle isn’t new. But, as first reported by 404 Media, LinkedIn initially didn’t refresh its privacy policy to reflect the data use.

The terms of service have now been updated, but ordinarily that occurs well before a big change like using user data for a new purpose like this. The idea is it gives users an option to make account changes or leave the platform if they don’t like the changes. Not this time, it seems.

To opt out of LinkedIn’s data scraping, head to the “Data Privacy” section of the LinkedIn settings menu on desktop, click “Data for Generative AI improvement,” then toggle off the “Use my data for training content creation AI models” option. You can also attempt to opt out more comprehensively via this form, but LinkedIn notes that any opt-out won’t affect training that’s already taken place.

The nonprofit Open Rights Group (ORG) has called on the Information Commissioner’s Office (ICO), the U.K.’s independent regulator for data protection rights, to investigate LinkedIn and other social networks that train on user data by default.

“LinkedIn is the latest social media company found to be processing our data without asking for consent,” Mariano delli Santi, ORG’s legal and policy officer, said in a statement. “The opt-out model proves once again to be wholly inadequate to protect our rights: the public cannot be expected to monitor and chase every single online company that decides to use our data to train AI. Opt-in consent isn’t only legally mandated, but a common-sense requirement.”

115
 
 

Leak on latest #ChatControl attempt (in German): https://netzpolitik.org/2024/interne-dokumente-sperrminoritaet-gegen-chatkontrolle-wackelt/ +++ Only AUT, DEU, EST, LUX, POL, SVN were critical – no blocking minority! +++ BEL, CZE, FIN, ITA, NLD, PRT, SWE undecided +++ EU legal experts confirm violation of our fundamental rights +++ Only 5 days to next discussion +++

Help pressure our governments into defending our #privacy of correspondence and secure #encryption now: https://www.patrick-breyer.de/en/take-action-to-stop-chat-control-now/

116
 
 

Not just locally on the device! There must be an error when calling or texting the number.

Data must work for internet for Signal, VoIP, etc.

This is for a UK PAYG SIM.

There should be no way for anyone to demand my number, or for me to leak it, or doing so should be irrelevant as it does not work.

117
 
 

This should be far more secure and privacy friendly than a SIM card of a cellular connection. Why isn't this done more often? What are the pros and cons? I bet the price is similar as well.

118
26
submitted 4 weeks ago* (last edited 4 weeks ago) by [email protected] to c/[email protected]
 
 

I'm wondering which is more free (as in freedom) so I can make the right choice. I've also heard people say the regular PinePhone is better than the Pro version. I am planning on using it as a daily driver. I understand it's not perfect yet, but I'm dedicated to make it work, I don't do much with my phone. I also just want to help support Linux-based phones and would like to see it become more popular in the future! I'm planning on dropping my Google Pixel w/ GrapheneOS for this.

119
 
 

Need at least the camera, if not that plus a microphone and speakers, not the lock or bell.

Libre Software (Obviously) + End-to-End Encryption

Small and easy to hide, so the camera isn't stolen, attacked or bypassed.

Best answer yet

120
 
 

Hi :) How concerned are you about leaking your personal information by using a custom domain for emails? Because anyone could see who registered the domain, correct?

121
65
submitted 1 month ago* (last edited 1 month ago) by [email protected] to c/[email protected]
122
123
 
 

I've been trying to delete as many online accounts as possible to reduce the threat of my personal information / duplicate passwords / my cell number getting out there. I know, it's probably not worth the effort but it does at least clean up my password manager and MFA app.

I've tried and had trouble getting my personal information scrubbed and my account deleted at Robinhood and LendingTree. Both have policies that claim they're unable to delete user accounts due to federal regulations.

Here's the bit from Lending Tree: https://www.lendingclub.com/legal/privacy-policy

Data Retention: Due to the regulated nature of our industry, we are under legal requirements to retain data and are generally not able to delete consumer transactional data, credit or deposit account application data, or other financial information upon request. Certain regulations issued by state and/or federal government agencies may require us to maintain and report demographic information on the collective activities of our membership. We may also be required to maintain information about you for at least seven years to comply with applicable federal and state laws regarding recordkeeping, reporting, and audits. Criteria used to determine the period of time information about you is retained are primarily related to legal requirements and usefulness of the information for the purposes it was collected.

In both of these cases, I haven't used the account in many years (RH: 2020, LT: 2018). It serves no purpose to maintain this account other than to exist as data for some malicious actor to acquire and act upon.

With data leaks happening practically every day, I'm really not comfortable with financial agencies with varying degrees of security keeping my information forever. I would think it would be in their own best interest to comply with a deletion request to prevent anyone from scamming them.

Also, I can't tell you how many websites I've lost access to because my phone number was tied to log in. I previously had a company-issued cell phone and no longer have access to that. Any website that requires a phone number for MFA is just horrible. I'm trying to sign into another financial site now and apparently I'm not able to do so without a phone number I had eight years ago.

Wondering if anyone is familiar with this federal regulation that requires they hold on to this information and if there's some sort of way around this either with a lawyer or federal form or something.

124
 
 

cross-posted from: https://lemmy.ml/post/20406932

125
 
 

I may go for short-term work in either South Korea or Saudi for a few months. Does anybody have any idea how safe it is to use a VPN as a foreigner in these countries? Worst-case scenario, can I use a VPN in an Azure VM and scp torrent downloaded files or something?
